tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

[CRYPTO] padlock-aes: Use generic setkey function

The Padlock AES setkey routine is the same as exported by the generic
implementation. So we could use it.

Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc>
Cc: Michal Ludvig <michal@logix.cz>
Tested-by: Stefan Hellermann <stefan@the2masters.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Sebastian Siewior and committed by
Herbert Xu 7dc748e4 5427663f

+20 -301
+1
drivers/crypto/Kconfig
··· 27 27 tristate "PadLock driver for AES algorithm" 28 28 depends on CRYPTO_DEV_PADLOCK 29 29 select CRYPTO_BLKCIPHER 30 + select CRYPTO_AES 30 31 help 31 32 Use VIA PadLock for AES algorithm. 32 33
+19 -301
drivers/crypto/padlock-aes.c
··· 5 5 * 6 6 * Copyright (c) 2004 Michal Ludvig <michal@logix.cz> 7 7 * 8 - * Key expansion routine taken from crypto/aes_generic.c 9 - * 10 - * This program is free software; you can redistribute it and/or modify 11 - * it under the terms of the GNU General Public License as published by 12 - * the Free Software Foundation; either version 2 of the License, or 13 - * (at your option) any later version. 14 - * 15 - * --------------------------------------------------------------------------- 16 - * Copyright (c) 2002, Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK. 17 - * All rights reserved. 18 - * 19 - * LICENSE TERMS 20 - * 21 - * The free distribution and use of this software in both source and binary 22 - * form is allowed (with or without changes) provided that: 23 - * 24 - * 1. distributions of this source code include the above copyright 25 - * notice, this list of conditions and the following disclaimer; 26 - * 27 - * 2. distributions in binary form include the above copyright 28 - * notice, this list of conditions and the following disclaimer 29 - * in the documentation and/or other associated materials; 30 - * 31 - * 3. the copyright holder's name is not used to endorse products 32 - * built using this software without specific written permission. 33 - * 34 - * ALTERNATIVELY, provided that this notice is retained in full, this product 35 - * may be distributed under the terms of the GNU General Public License (GPL), 36 - * in which case the provisions of the GPL apply INSTEAD OF those given above. 37 - * 38 - * DISCLAIMER 39 - * 40 - * This software is provided 'as is' with no explicit or implied warranties 41 - * in respect of its properties, including, but not limited to, correctness 42 - * and/or fitness for purpose. 43 - * --------------------------------------------------------------------------- 44 8 */ 45 9 46 10 #include <crypto/algapi.h> ··· 17 53 #include <linux/kernel.h> 18 54 #include <asm/byteorder.h> 19 55 #include "padlock.h" 20 - 21 - #define AES_EXTENDED_KEY_SIZE 64 /* in uint32_t units */ 22 - #define AES_EXTENDED_KEY_SIZE_B (AES_EXTENDED_KEY_SIZE * sizeof(uint32_t)) 23 56 24 57 /* Control word. */ 25 58 struct cword { ··· 31 70 32 71 /* Whenever making any changes to the following 33 72 * structure *make sure* you keep E, d_data 34 - * and cword aligned on 16 Bytes boundaries!!! */ 73 + * and cword aligned on 16 Bytes boundaries and 74 + * the Hardware can access 16 * 16 bytes of E and d_data 75 + * (only the first 15 * 16 bytes matter but the HW reads 76 + * more). 77 + */ 35 78 struct aes_ctx { 79 + u32 E[AES_MAX_KEYLENGTH_U32] 80 + __attribute__ ((__aligned__(PADLOCK_ALIGNMENT))); 81 + u32 d_data[AES_MAX_KEYLENGTH_U32] 82 + __attribute__ ((__aligned__(PADLOCK_ALIGNMENT))); 36 83 struct { 37 84 struct cword encrypt; 38 85 struct cword decrypt; 39 86 } cword; 40 87 u32 *D; 41 - int key_length; 42 - u32 E[AES_EXTENDED_KEY_SIZE] 43 - __attribute__ ((__aligned__(PADLOCK_ALIGNMENT))); 44 - u32 d_data[AES_EXTENDED_KEY_SIZE] 45 - __attribute__ ((__aligned__(PADLOCK_ALIGNMENT))); 46 88 }; 47 - 48 - /* ====== Key management routines ====== */ 49 - 50 - static inline uint32_t 51 - generic_rotr32 (const uint32_t x, const unsigned bits) 52 - { 53 - const unsigned n = bits % 32; 54 - return (x >> n) | (x << (32 - n)); 55 - } 56 - 57 - static inline uint32_t 58 - generic_rotl32 (const uint32_t x, const unsigned bits) 59 - { 60 - const unsigned n = bits % 32; 61 - return (x << n) | (x >> (32 - n)); 62 - } 63 - 64 - #define rotl generic_rotl32 65 - #define rotr generic_rotr32 66 - 67 - /* 68 - * #define byte(x, nr) ((unsigned char)((x) >> (nr*8))) 69 - */ 70 - static inline uint8_t 71 - byte(const uint32_t x, const unsigned n) 72 - { 73 - return x >> (n << 3); 74 - } 75 - 76 - #define E_KEY ctx->E 77 - #define D_KEY ctx->D 78 - 79 - static uint8_t pow_tab[256]; 80 - static uint8_t log_tab[256]; 81 - static uint8_t sbx_tab[256]; 82 - static uint8_t isb_tab[256]; 83 - static uint32_t rco_tab[10]; 84 - static uint32_t ft_tab[4][256]; 85 - static uint32_t it_tab[4][256]; 86 - 87 - static uint32_t fl_tab[4][256]; 88 - static uint32_t il_tab[4][256]; 89 - 90 - static inline uint8_t 91 - f_mult (uint8_t a, uint8_t b) 92 - { 93 - uint8_t aa = log_tab[a], cc = aa + log_tab[b]; 94 - 95 - return pow_tab[cc + (cc < aa ? 1 : 0)]; 96 - } 97 - 98 - #define ff_mult(a,b) (a && b ? f_mult(a, b) : 0) 99 - 100 - #define f_rn(bo, bi, n, k) \ 101 - bo[n] = ft_tab[0][byte(bi[n],0)] ^ \ 102 - ft_tab[1][byte(bi[(n + 1) & 3],1)] ^ \ 103 - ft_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ 104 - ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n) 105 - 106 - #define i_rn(bo, bi, n, k) \ 107 - bo[n] = it_tab[0][byte(bi[n],0)] ^ \ 108 - it_tab[1][byte(bi[(n + 3) & 3],1)] ^ \ 109 - it_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ 110 - it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n) 111 - 112 - #define ls_box(x) \ 113 - ( fl_tab[0][byte(x, 0)] ^ \ 114 - fl_tab[1][byte(x, 1)] ^ \ 115 - fl_tab[2][byte(x, 2)] ^ \ 116 - fl_tab[3][byte(x, 3)] ) 117 - 118 - #define f_rl(bo, bi, n, k) \ 119 - bo[n] = fl_tab[0][byte(bi[n],0)] ^ \ 120 - fl_tab[1][byte(bi[(n + 1) & 3],1)] ^ \ 121 - fl_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ 122 - fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n) 123 - 124 - #define i_rl(bo, bi, n, k) \ 125 - bo[n] = il_tab[0][byte(bi[n],0)] ^ \ 126 - il_tab[1][byte(bi[(n + 3) & 3],1)] ^ \ 127 - il_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ 128 - il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n) 129 - 130 - static void 131 - gen_tabs (void) 132 - { 133 - uint32_t i, t; 134 - uint8_t p, q; 135 - 136 - /* log and power tables for GF(2**8) finite field with 137 - 0x011b as modular polynomial - the simplest prmitive 138 - root is 0x03, used here to generate the tables */ 139 - 140 - for (i = 0, p = 1; i < 256; ++i) { 141 - pow_tab[i] = (uint8_t) p; 142 - log_tab[p] = (uint8_t) i; 143 - 144 - p ^= (p << 1) ^ (p & 0x80 ? 0x01b : 0); 145 - } 146 - 147 - log_tab[1] = 0; 148 - 149 - for (i = 0, p = 1; i < 10; ++i) { 150 - rco_tab[i] = p; 151 - 152 - p = (p << 1) ^ (p & 0x80 ? 0x01b : 0); 153 - } 154 - 155 - for (i = 0; i < 256; ++i) { 156 - p = (i ? pow_tab[255 - log_tab[i]] : 0); 157 - q = ((p >> 7) | (p << 1)) ^ ((p >> 6) | (p << 2)); 158 - p ^= 0x63 ^ q ^ ((q >> 6) | (q << 2)); 159 - sbx_tab[i] = p; 160 - isb_tab[p] = (uint8_t) i; 161 - } 162 - 163 - for (i = 0; i < 256; ++i) { 164 - p = sbx_tab[i]; 165 - 166 - t = p; 167 - fl_tab[0][i] = t; 168 - fl_tab[1][i] = rotl (t, 8); 169 - fl_tab[2][i] = rotl (t, 16); 170 - fl_tab[3][i] = rotl (t, 24); 171 - 172 - t = ((uint32_t) ff_mult (2, p)) | 173 - ((uint32_t) p << 8) | 174 - ((uint32_t) p << 16) | ((uint32_t) ff_mult (3, p) << 24); 175 - 176 - ft_tab[0][i] = t; 177 - ft_tab[1][i] = rotl (t, 8); 178 - ft_tab[2][i] = rotl (t, 16); 179 - ft_tab[3][i] = rotl (t, 24); 180 - 181 - p = isb_tab[i]; 182 - 183 - t = p; 184 - il_tab[0][i] = t; 185 - il_tab[1][i] = rotl (t, 8); 186 - il_tab[2][i] = rotl (t, 16); 187 - il_tab[3][i] = rotl (t, 24); 188 - 189 - t = ((uint32_t) ff_mult (14, p)) | 190 - ((uint32_t) ff_mult (9, p) << 8) | 191 - ((uint32_t) ff_mult (13, p) << 16) | 192 - ((uint32_t) ff_mult (11, p) << 24); 193 - 194 - it_tab[0][i] = t; 195 - it_tab[1][i] = rotl (t, 8); 196 - it_tab[2][i] = rotl (t, 16); 197 - it_tab[3][i] = rotl (t, 24); 198 - } 199 - } 200 - 201 - #define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b) 202 - 203 - #define imix_col(y,x) \ 204 - u = star_x(x); \ 205 - v = star_x(u); \ 206 - w = star_x(v); \ 207 - t = w ^ (x); \ 208 - (y) = u ^ v ^ w; \ 209 - (y) ^= rotr(u ^ t, 8) ^ \ 210 - rotr(v ^ t, 16) ^ \ 211 - rotr(t,24) 212 - 213 - /* initialise the key schedule from the user supplied key */ 214 - 215 - #define loop4(i) \ 216 - { t = rotr(t, 8); t = ls_box(t) ^ rco_tab[i]; \ 217 - t ^= E_KEY[4 * i]; E_KEY[4 * i + 4] = t; \ 218 - t ^= E_KEY[4 * i + 1]; E_KEY[4 * i + 5] = t; \ 219 - t ^= E_KEY[4 * i + 2]; E_KEY[4 * i + 6] = t; \ 220 - t ^= E_KEY[4 * i + 3]; E_KEY[4 * i + 7] = t; \ 221 - } 222 - 223 - #define loop6(i) \ 224 - { t = rotr(t, 8); t = ls_box(t) ^ rco_tab[i]; \ 225 - t ^= E_KEY[6 * i]; E_KEY[6 * i + 6] = t; \ 226 - t ^= E_KEY[6 * i + 1]; E_KEY[6 * i + 7] = t; \ 227 - t ^= E_KEY[6 * i + 2]; E_KEY[6 * i + 8] = t; \ 228 - t ^= E_KEY[6 * i + 3]; E_KEY[6 * i + 9] = t; \ 229 - t ^= E_KEY[6 * i + 4]; E_KEY[6 * i + 10] = t; \ 230 - t ^= E_KEY[6 * i + 5]; E_KEY[6 * i + 11] = t; \ 231 - } 232 - 233 - #define loop8(i) \ 234 - { t = rotr(t, 8); ; t = ls_box(t) ^ rco_tab[i]; \ 235 - t ^= E_KEY[8 * i]; E_KEY[8 * i + 8] = t; \ 236 - t ^= E_KEY[8 * i + 1]; E_KEY[8 * i + 9] = t; \ 237 - t ^= E_KEY[8 * i + 2]; E_KEY[8 * i + 10] = t; \ 238 - t ^= E_KEY[8 * i + 3]; E_KEY[8 * i + 11] = t; \ 239 - t = E_KEY[8 * i + 4] ^ ls_box(t); \ 240 - E_KEY[8 * i + 12] = t; \ 241 - t ^= E_KEY[8 * i + 5]; E_KEY[8 * i + 13] = t; \ 242 - t ^= E_KEY[8 * i + 6]; E_KEY[8 * i + 14] = t; \ 243 - t ^= E_KEY[8 * i + 7]; E_KEY[8 * i + 15] = t; \ 244 - } 245 89 246 90 /* Tells whether the ACE is capable to generate 247 91 the extended key for a given key_len. */ ··· 87 321 struct aes_ctx *ctx = aes_ctx(tfm); 88 322 const __le32 *key = (const __le32 *)in_key; 89 323 u32 *flags = &tfm->crt_flags; 90 - uint32_t i, t, u, v, w; 91 - uint32_t P[AES_EXTENDED_KEY_SIZE]; 92 - uint32_t rounds; 324 + struct crypto_aes_ctx gen_aes; 93 325 94 326 if (key_len % 8) { 95 327 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; 96 328 return -EINVAL; 97 329 } 98 - 99 - ctx->key_length = key_len; 100 330 101 331 /* 102 332 * If the hardware is capable of generating the extended key ··· 101 339 */ 102 340 ctx->D = ctx->E; 103 341 104 - E_KEY[0] = le32_to_cpu(key[0]); 105 - E_KEY[1] = le32_to_cpu(key[1]); 106 - E_KEY[2] = le32_to_cpu(key[2]); 107 - E_KEY[3] = le32_to_cpu(key[3]); 342 + ctx->E[0] = le32_to_cpu(key[0]); 343 + ctx->E[1] = le32_to_cpu(key[1]); 344 + ctx->E[2] = le32_to_cpu(key[2]); 345 + ctx->E[3] = le32_to_cpu(key[3]); 108 346 109 347 /* Prepare control words. */ 110 348 memset(&ctx->cword, 0, sizeof(ctx->cword)); ··· 123 361 ctx->cword.encrypt.keygen = 1; 124 362 ctx->cword.decrypt.keygen = 1; 125 363 126 - switch (key_len) { 127 - case 16: 128 - t = E_KEY[3]; 129 - for (i = 0; i < 10; ++i) 130 - loop4 (i); 131 - break; 132 - 133 - case 24: 134 - E_KEY[4] = le32_to_cpu(key[4]); 135 - t = E_KEY[5] = le32_to_cpu(key[5]); 136 - for (i = 0; i < 8; ++i) 137 - loop6 (i); 138 - break; 139 - 140 - case 32: 141 - E_KEY[4] = le32_to_cpu(key[4]); 142 - E_KEY[5] = le32_to_cpu(key[5]); 143 - E_KEY[6] = le32_to_cpu(key[6]); 144 - t = E_KEY[7] = le32_to_cpu(key[7]); 145 - for (i = 0; i < 7; ++i) 146 - loop8 (i); 147 - break; 364 + if (crypto_aes_expand_key(&gen_aes, in_key, key_len)) { 365 + *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; 366 + return -EINVAL; 148 367 } 149 368 150 - D_KEY[0] = E_KEY[0]; 151 - D_KEY[1] = E_KEY[1]; 152 - D_KEY[2] = E_KEY[2]; 153 - D_KEY[3] = E_KEY[3]; 154 - 155 - for (i = 4; i < key_len + 24; ++i) { 156 - imix_col (D_KEY[i], E_KEY[i]); 157 - } 158 - 159 - /* PadLock needs a different format of the decryption key. */ 160 - rounds = 10 + (key_len - 16) / 4; 161 - 162 - for (i = 0; i < rounds; i++) { 163 - P[((i + 1) * 4) + 0] = D_KEY[((rounds - i - 1) * 4) + 0]; 164 - P[((i + 1) * 4) + 1] = D_KEY[((rounds - i - 1) * 4) + 1]; 165 - P[((i + 1) * 4) + 2] = D_KEY[((rounds - i - 1) * 4) + 2]; 166 - P[((i + 1) * 4) + 3] = D_KEY[((rounds - i - 1) * 4) + 3]; 167 - } 168 - 169 - P[0] = E_KEY[(rounds * 4) + 0]; 170 - P[1] = E_KEY[(rounds * 4) + 1]; 171 - P[2] = E_KEY[(rounds * 4) + 2]; 172 - P[3] = E_KEY[(rounds * 4) + 3]; 173 - 174 - memcpy(D_KEY, P, AES_EXTENDED_KEY_SIZE_B); 175 - 369 + memcpy(ctx->E, gen_aes.key_enc, AES_MAX_KEYLENGTH); 370 + memcpy(ctx->D, gen_aes.key_dec, AES_MAX_KEYLENGTH); 176 371 return 0; 177 372 } 178 373 ··· 394 675 return -ENODEV; 395 676 } 396 677 397 - gen_tabs(); 398 678 if ((ret = crypto_register_alg(&aes_alg))) 399 679 goto aes_err; 400 680